Gear Review: TappLock Electronic Padlock

Part of being a responsible gun owner is making sure that your firearms don’t fall into the wrong hands, whether that’s kids or Chicago politicians. The trick to any good storage system is that it  not only keeps your firearms safely locked away and inaccessible to uninvited guests, but it also allows you to quickly and easily access your firearms in case of emergency. Traditional padlocks do an okay job, but the TappLock thinks that it can make access to your firearms quicker and more secure than ever before.

Traditional locks are pretty good, but they do have some issues. Locks that use a key are simple to use, but they can be fairly easily picked and require you to always have the key accessible in order to open it.

Combination locks mean you don’t need a physical token to access your safe and can allow your trusted friends (or wife, I suppose) to get in when they need. But if that relationship comes to an end you either need to re-set the combination or just hope that they never come around again.

The TappLock offers an interesting solution to that problem that claims to enable you to access your firearm quickly, securely, and grant and revoke access to anyone you want at any time.

The lock itself is…rather massive. It’s definitely larger than a standard Master Lock, and much heavier too. The reason is that this is no normal lock, but instead this lock uses all sorts of electronic magic to do its business.

According to the manufacturer there are three ways to open the lock. The first is with a fingerprint reader on the front of the lock. The second is via bluetooth with an app on your phone. And the third is by tapping some morse code in the lock. But first, it needs to get on something to lock it up.

Like I said, the lock is massive. The shackle itself is small enough to fit on most places like this Pelican 1200 case, but the body is too large to allow it to pivot into place and lock. So I’d recommend you make sure whatever you are trying to lock up has enough clearance to fit this beast before you drop the change on one of them.

Assuming you find something that can be secured with this lock, it does work as intended. You need to pair the lock with your phone in order to configure it, at which point you can enroll a couple fingers in the fingerprint reader and set up a morse code passphrase to open it in case you… forget a finger? I guess? Anyway, you can also open it directly via an app on your phone and can share the ability to unlock the lock with anyone else who also has the app.

Unlocking the device is a two step process, and the fingerprint is the easiest and quickest. First, turn on the lock by pressing the small power button in the bottom of the lock. Second, place your finger on the fingerprint reader. Wait the advertised 0.8 seconds, and the lock’s internal mechanism should open. If you’re going for pure speed then I’d still recommend the GunVault line, as I can get that open quicker in a hurry (as even after the lock is open you still need to remove it and open the door, but the GunVault just pops open). But it is definitely quicker than a combination or key based lock of the same design.

The manufacturers claims that the lock is resistant to water and weather, so you could theoretically put it anywhere. I didn’t necessarily test that, but it’s cool in theory.

There’s no denying that the lock is unique. Adding the ability to open something with just the touch of a finger (and the press of a button) is valuable, and for some people that’s exactly what they need. If you need to give someone temporary access to your gun cabinet, using the sharing feature of the app is a fantastic way of doing that. But there are some issues.

Let’s say you’re heading out to the hunt of a lifetime. You pack your best rifle in a case, head to the airport, duly declare your firearm to the airline agent and head through security. Once on the other side TSA pages you and wants to take a look inside your case for some reason. What do you do? There’s little to no chance that this random TSA agent has a TappLock app on their phone, so the bluetooth option is out. You might be able to teach the TSA agent how to tap your code into the lock, but there’s a good chance that they won’t do it right or just plain don’t care enough to try. You’re probably going to end up with a very expensive paperweight after they cut your lock off your case.

Another issue is the battery. As with all electronic things the TappLock is battery powered, and the manufacturer claims that the battery will last about a year on a full charge. I haven’t had it for a year so I can’t confirm, but so far it’s been working fine for me. It will, however, run out eventually. At which point you need to charge it with the included USB cable that I guarantee you’re going to lose between now and then. So either you need to rig your cable so it is always connected and charging the lock, or make sure to put it in a secure location where no one else will touch it and where you can find it in the future. Someplace like a safe, but not the one that will be protected by an expensive lock with a dead battery.

And then we get to the security issues. As El Reg points out, the device has had a number of public vulnerability disclosures none of which give me the warm fuzzies. From being able to remove the back of the lock with a screwdriver and manually open the mechanism to the TappLock servers handing out your personal information willy-nilly there just wasn’t much to support the idea that they were producing an actually secure product. As a security engineer myself I personally loved the fact that the lock was generating its electronic keys based on a set and repeatable algorithm that used the lock’s MAC address as part of the key generation process and allowed anyone with that knowledge to create a duplicate key. I mean, I’ve used a similar process in the past, but adding a unique salt to a passphrase before hashing is like security 101 these days.

Personally, I look forward to the day when I can comfortably trust the security and safety of my firearms to a device where I can authorize and de-authorize people as needed. Where I can quickly access my firearms based just on my fingerprint, secure in the knowledge that no one else will be able to do the same. It’s just that the TappLock probably isn’t that device.

SPECIFICATIONS: TappLock
Battery: Internal rechargeable (2-3 years of normal use)
Price: $99.00

RATINGS (out of five stars):

Build Quality: * * * * *
It feels great. The lock looks aesthetically pleasing and feels solid. It’s exactly what I’d expect out of something I traded a Benjamin for.

Ease of Use: * * 
There’s some setup involved, and while combination locks are difficult it’s way more difficult to do the whole dance of authorizing someone else to open the lock via bluetooth.

Overall: * *
It’s a good start. A step in the right direction. But I feel like there’s more that can be done to improve on the design. Some way to easily allow previously unauthorized people to access the lock without having to spend ten minutes giving a lecture on the tapping process. Or installing an app on their phone. And I could definitely do without the data leaks and insecure key generation process.

comments

  1. avatar Vinnie Boombotts says:

    Alright Foghorn is back!!!

  2. avatar anonymoose says:

    I’ll just tie a sock around it for home defense and put all my guns in the regular safe.

  3. avatar TomC says:

    If you were at an airport having checked your gun and TSA paged you so they could check inside the locked container why would you want to try to teach some TSA agent the tapping code or hope one had the app? Anyone with an IQ above room temperature would do exactly what any of us does now: you go to the TSA security point (where they just paged you to come!) and open the case. THAT isn’t rocket science.

    The lock certainly does have some drawbacks — including its physical security and the company’s choice to use a proprietary charging cable instead of a micro-USB or USB-C cable, but imaginary issues with TSA are certainly not one of them.

  4. avatar Rick the Bear says:

    First, if TSA wants to look inside, _you can open it for them_. It doesn’t have to be cut off.

    Second, if the lock’s scanner works as well as my iPhone’s scanner, I’ll pass. It only works about half the time for me.

  5. avatar Liberty or Death says:

    Not even if it was free. Worthless junk!

    https://m.youtube.com/watch?v=RxM55DNS9CE

    1. avatar Tim says:

      dude…..

      1. avatar Hippi says:

        Dude what did you watch the whole video halfway through he gets it apart with a suction cup and a screwdriver in about 3 minutes

  6. avatar Frank in VA says:

    “Locks that use a key are simple to use, but they can be fairly easily picked”

    Only if they are cheap locks. Get an Abloy Protec 2 and that is extremely unlikely.

  7. avatar asdf says:

    Tsa page you???? HA HA HA HA HA. They’ll just cut the lock..

  8. avatar Don from CT says:

    This thing has all the makings of a Version 1.0 product.

    Big
    Expensive
    Complicated

    My advice, wait until V2.0 comes out.

  9. avatar Bob says:

    As a non-electronic alternative I’d suggest https://www.masterlock.com/personal-use/product/1500iD
    Beautiful mechanism, unshimmable, combination resettable to any number of strokes from 1 to infinity and beyond in under 30 seconds and no visual needed to open.
    My curiosity required that I sacrifice one to a Bridgeport with a carbide cutter (required). I now own several.

  10. avatar DrDKW says:

    Not only is it vulnerable to a suction-cup and screwdriver, but it works by
    “Electricity, the high-priest of false security!”
    (Quote from ‘Sherlock Holmes and the Pearl of Death’ 1944.)

Write a Comment

Your email address will not be published. Required fields are marked *

button to share on facebook
button to tweet
button to share via email